[GRASS-dev] grass.osgeo.org contains harmful programs

Hi,

in google chrome on Windows machine, I am getting big red screen “The site ahead contains harmful programs”. Details:

Diagnostic page for grass.osgeo.org

What is the current listing status for grass.osgeo.org?

Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?

Of the 161 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-08-06, and the last time suspicious content was found on this site was on 2015-08-06.

This site was hosted on 1 network(s) including AS3701 (NERONET).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, grass.osgeo.org did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Anyone else having problems like that?

Thanks,

Anna

On Fri, Aug 7, 2015 at 3:55 PM, Anna Petrášová <kratochanna@gmail.com> wrote:

Hi,

in google chrome on Windows machine, I am getting big red screen "The site
ahead contains harmful programs". Details:

The same happens with qgis.org etc

http://lists.osgeo.org/pipermail/sac/2015-August/005742.html

On one of the OSGeo sites might be nasty stuff.
I updated the GRASS GIS CMS already yesterday. Nothing found so far.

Perhaps it is elsewhere and Google treats the entire *.osgeo.org
domain as one provider?

Markus

On 07-08-15 15:55, Anna Petrášová wrote:

Anyone else having problems like that?

Seems related the OSGeo server upgrade, QGIS is reporting the same issue:

https://lists.osgeo.org/pipermail/qgis-developer/2015-August/038774.html

Kind Regards,

Bas

--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1

On Fri, Aug 7, 2015 at 4:06 PM, Sebastiaan Couwenberg
<sebastic@xs4all.nl> wrote:

On 07-08-15 15:55, Anna Petrášová wrote:

Anyone else having problems like that?

Seems related the OSGeo server upgrade, QGIS is reporting the same issue:

It seems to come from the QGIS site:
http://quttera.com/detailed_report/www.qgis.org

but the grass.osgeo.org is reported to be clean:
http://quttera.com/detailed_report/grass.osgeo.org

Too bad that Google blacklists the entire domain (qgis is hosted on osgeo.org!
(investigations are ongoing in the osgeo-sac list)

If anyone knows other scanners, please help us in order to identify the problem.

Markus

On Fri, Aug 7, 2015 at 3:55 PM, Anna Petrášová <kratochanna@gmail.com> wrote:

Hi,

in google chrome on Windows machine, I am getting big red screen "The site
ahead contains harmful programs". Details:

... I spent several hours on this issue and did not identify any problem.
Again: the CMS is also updated to the latest version. File locally
checked for modification. CSS Stylesheets manually checked for
injection.

New - thanks to Martin Spott we have now https:// support for
https://grass.osgeo.org/
https://grasswiki.osgeo.org/wiki/Main_Page

This will hopefully help to solve the current blacklisting by Google.

Markus

PS: If anyone has a scanner, please scan the site. Just to exclude any
issue which we didn't manage to identify so far.

Https version is also blacklisted.

Doug

···

On Sun, Aug 9, 2015 at 5:11 PM, Markus Neteler <neteler@osgeo.org> wrote:

On Fri, Aug 7, 2015 at 3:55 PM, Anna Petrášová <kratochanna@gmail.com> wrote:

Hi,

in google chrome on Windows machine, I am getting big red screen “The site
ahead contains harmful programs”. Details:

… I spent several hours on this issue and did not identify any problem.
Again: the CMS is also updated to the latest version. File locally
checked for modification. CSS Stylesheets manually checked for
injection.

New - thanks to Martin Spott we have now https:// support for
https://grass.osgeo.org/
https://grasswiki.osgeo.org/wiki/Main_Page

This will hopefully help to solve the current blacklisting by Google.

Markus

PS: If anyone has a scanner, please scan the site. Just to exclude any
issue which we didn’t manage to identify so far.


grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev

Doug Newcomb
USFWS
Raleigh, NC
919-856-4520 ext. 14 doug_newcomb@fws.gov

The opinions I express are my own and are not representative of the official policy of the U.S.Fish and Wildlife Service or Dept. of the Interior. Life is too short for undocumented, proprietary data formats.

On Mon, Aug 10, 2015 at 1:37 PM, Newcomb, Doug <doug_newcomb@fws.gov> wrote:

Https version is also blacklisted.

I know... Maybe avoid the Chrome browser for now.

Markus

On Mon, Aug 10, 2015 at 8:52 AM, Markus Neteler <neteler@osgeo.org> wrote:

On Mon, Aug 10, 2015 at 1:37 PM, Newcomb, Doug <doug_newcomb@fws.gov>
wrote:
> Https version is also blacklisted.

I know... Maybe avoid the Chrome browser for now.

Just for the record: Chromium and Firefox are fine at least today on
Lubuntu 15.04.

Yes, it’s just with Google Chrome.

Unfortunately about 28% of the web is using google chrome, http://www.netmarketshare.com/browser-market-share.aspx?qprid=1http://www.netmarketshare.com/browser-market-share.aspx?qprid=1 , and will see the red warning until the review process is finished

https://support.google.com/webmasters/answer/168328

https://support.google.com/webmasters/answer/35843

Doug

···

On Mon, Aug 10, 2015 at 9:11 AM, Vaclav Petras <wenzeslaus@gmail.com> wrote:

On Mon, Aug 10, 2015 at 8:52 AM, Markus Neteler <neteler@osgeo.org> wrote:

On Mon, Aug 10, 2015 at 1:37 PM, Newcomb, Doug <doug_newcomb@fws.gov> wrote:

Https version is also blacklisted.

I know… Maybe avoid the Chrome browser for now.

Just for the record: Chromium and Firefox are fine at least today on Lubuntu 15.04.

Doug Newcomb
USFWS
Raleigh, NC
919-856-4520 ext. 14 doug_newcomb@fws.gov

The opinions I express are my own and are not representative of the official policy of the U.S.Fish and Wildlife Service or Dept. of the Interior. Life is too short for undocumented, proprietary data formats.

Hi,

just FYI:

root@osgeo6:~# clamscan --infected --remove --recursive /var/www/

----------- SCAN SUMMARY -----------
Known viruses: 3930644
Engine version: 0.98.7
Scanned directories: 221355
Scanned files: 1325267
Infected files: 0 <<<------ !
Data scanned: 27042.44 MB
Data read: 35670.30 MB (ratio 0.76:1)
Time: 1793.563 sec (29 m 53 s)
Nothing found.

Markus

Markus,
Your efforts to resolve this issue are very much appreciated.

Doug

···

On Mon, Aug 10, 2015 at 10:08 AM, Markus Neteler <neteler@osgeo.org> wrote:

Hi,

just FYI:

root@osgeo6:~# clamscan --infected --remove --recursive /var/www/

----------- SCAN SUMMARY -----------
Known viruses: 3930644
Engine version: 0.98.7
Scanned directories: 221355
Scanned files: 1325267
Infected files: 0 <<<------ !
Data scanned: 27042.44 MB
Data read: 35670.30 MB (ratio 0.76:1)
Time: 1793.563 sec (29 m 53 s)
Nothing found.

Markus

Doug Newcomb
USFWS
Raleigh, NC
919-856-4520 ext. 14 doug_newcomb@fws.gov

The opinions I express are my own and are not representative of the official policy of the U.S.Fish and Wildlife Service or Dept. of the Interior. Life is too short for undocumented, proprietary data formats.

No more red screen, at least for me!

···

On Mon, Aug 10, 2015 at 10:23 AM, Newcomb, Doug <doug_newcomb@fws.gov> wrote:

Markus,
Your efforts to resolve this issue are very much appreciated.

Doug

On Mon, Aug 10, 2015 at 10:08 AM, Markus Neteler <neteler@osgeo.org> wrote:

Hi,

just FYI:

root@osgeo6:~# clamscan --infected --remove --recursive /var/www/

----------- SCAN SUMMARY -----------
Known viruses: 3930644
Engine version: 0.98.7
Scanned directories: 221355
Scanned files: 1325267
Infected files: 0 <<<------ !
Data scanned: 27042.44 MB
Data read: 35670.30 MB (ratio 0.76:1)
Time: 1793.563 sec (29 m 53 s)
Nothing found.

Markus

Doug Newcomb
USFWS
Raleigh, NC
919-856-4520 ext. 14 doug_newcomb@fws.gov

The opinions I express are my own and are not representative of the official policy of the U.S.Fish and Wildlife Service or Dept. of the Interior. Life is too short for undocumented, proprietary data formats.

On Mon, Aug 10, 2015 at 4:52 PM, Anna Petrášová <kratochanna@gmail.com> wrote:

No more red screen, at least for me!

... now also propagated to Google Italy... so grass.osgeo.org is back.

"Nice" false alarm...

Markus